Wordfence researchers report that in early January dangerous vulnerabilities were discovered in the popular WordPress Database Reset plugin, installed on more than 80,000 sites. The plugin, developed by WebFactory Ltd, is meant to help with database setup and quick resets of the database to its default settings. The bugs can be used to take over sites and reset tables in the database.
The first issue, tracked as CVE-2020-7048, scored 9.1 on the ten-point CVSS scale. The researchers found that none of the plugin's database functions is protected by any checks or warnings, so any user can reset any database table without authentication. A single request is enough to wipe a site's posts, pages, comments, users, uploaded content, and so on.
The second vulnerability, CVE-2020-7047, scored 8.1 on the CVSS scale. It allows any authenticated user, regardless of privilege level, not only to grant himself administrator rights but also to strip rights from other users with one simple request. The attacker thus remains the only administrator and takes complete control of the site.
“Each time the wp_users table is reset, all users are deleted, including any administrators, except for the current user who is logged in. The user sending such a request will be automatically upgraded to administrator, even if he was a simple subscriber,” the experts say.
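Both bugs come down to the same root cause described above: a destructive handler reachable by any request, with no capability or nonce check in front of it. The following PHP is an added illustration, not the WP Database Reset plugin's own code, showing a hypothetical reset handler in its unprotected form and then hardened with the standard WordPress checks. Hook names, form field names, the `example_` function names and the table whitelist are assumptions for this example.

```php
<?php
// Added illustration (not the WP Database Reset plugin's actual code): a
// hypothetical plugin handler that resets WordPress tables, first with no
// authorization checks (the class of flaw described in the advisory), then
// hardened. Hook, field and function names are assumptions for this example.

// --- Weak pattern: runs on 'init', which fires for every request, so an
//     unauthenticated visitor who knows the field name triggers the reset. ---
add_action( 'init', 'example_db_reset_unprotected' );
function example_db_reset_unprotected() {
    if ( empty( $_POST['example_db_reset'] ) ) {
        return;
    }
    // No current_user_can(), no nonce: anyone can truncate any listed table.
    example_reset_tables( (array) $_POST['example_tables'] );
}

// --- Hardened pattern: only reachable through admin-post.php by a logged-in
//     user, and additionally gated on capability and nonce. The form that
//     submits here would carry
//     wp_nonce_field( 'example_db_reset_action', 'example_db_reset_nonce' ). ---
add_action( 'admin_post_example_db_reset', 'example_db_reset_protected' );
function example_db_reset_protected() {
    // Only administrators may run a reset; a subscriber gets a 403 here, which
    // closes the "reset wp_users and become the sole admin" path.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.', 'Forbidden', array( 'response' => 403 ) );
    }
    // Reject requests without a valid nonce (blocks CSRF and blind requests).
    check_admin_referer( 'example_db_reset_action', 'example_db_reset_nonce' );

    $requested = isset( $_POST['example_tables'] )
        ? (array) wp_unslash( $_POST['example_tables'] )
        : array();
    // sanitize_key() reduces each value to [a-z0-9_-] before it reaches SQL.
    $tables = array_map( 'sanitize_key', $requested );

    example_reset_tables( $tables );
    wp_safe_redirect( admin_url( 'tools.php?page=example-db-reset&done=1' ) );
    exit;
}

// Shared worker: only whitelisted core table suffixes may be reset, and the
// name is never taken from the request unchecked.
function example_reset_tables( array $tables ) {
    global $wpdb;
    $allowed = array( 'posts', 'postmeta', 'comments', 'commentmeta',
                      'terms', 'termmeta', 'users', 'usermeta' );
    foreach ( $tables as $table ) {
        if ( ! in_array( $table, $allowed, true ) ) {
            continue; // unknown table name: ignore rather than interpolate into SQL
        }
        $wpdb->query( 'TRUNCATE TABLE `' . $wpdb->prefix . $table . '`' );
    }
}
```

The hardened handler fixes the two advisory findings independently: the capability check alone would stop an unauthenticated or low-privilege user from reaching the reset, and the nonce alone would stop a forged request from a logged-in administrator's browser. Reviewers auditing a plugin for this class of bug look for exactly this pair in front of every function that writes to the database.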
All users of the vulnerable plugin are advised to update it immediately to the latest version (WP Database Reset 3.15). So far only 8% of users have done so.